Privacy and Free Speech

By Karen Coyle Talk Given at the Association of Law Libraries Ninety-First Annual
Meeting in Anaheim, California, July 13, 1998

My handout for this session, available in your registration packet, is a short
primer on the
Internet and privacy. I wrote this because I
think many people have the idea that computers, by their nature, invade our
privacy. While it might seem that is so, I have to tell you, as someone who
spends most of her waking hours trying to coax these profoundly stupid
machines into performing the simplest of tasks, that computers have no
interest in who we are and what we think.

The Internet is also often accused of keeping track of our thoughts and actions.
In fact, the Internet is what we call a "machine to machine"
system: all operations take place between computers. That there is often
a human at the computer is of no relevance to the functioning of the Internet.

Yet you are not being paranoid if you have the feeling that your every
move on the Internet is being watched. It's true that cookies and clickstream
data (which I explain in detail in the handout) do exist, but the data
that they gather is about connections between machines and in general
there is nothing in this that can identify you personally.

The real threat to privacy comes not from computers but from the interests
behind those computers: the owners of Web sites who are interested in
gathering detailed information about who visits their site and the demographics
of those visitors. It isn't that website owners are just a bunch of snoops;
the Web works on an economic model based on advertising revenue, and that
model requires a gathering of data about potential consumers.

In this country we are all accustomed to the fruits of direct marketing.
We know that when we subscribe to a new magazine that our name will be
sold as part of that mailing list and we'll get more junk mail. So why
should we be concerned when these same practices move onto the Internet?

It's because computers and networked communications hold a particular
potential for an unprecedented invasion of our privacy. In real life points
of data gathering are relatively few and uninformative. So, for example,
I might be one of many people who subscribes to the New York Times and
has it delivered to my door. This puts me in a rather large and amorphous
category of newspaper readers.

But if I subscribe to the New York Times online edition, there exists
the potential to track how often I access the paper, which articles I
click on, and how much time I spent on each one. The result of this is
that the profile of who I am -- as a reader, as a concerned citizen, as
a social being -- is much more detailed than what can be known about me
merely from my subscription to the publication.

The same is true of the difference between my visits to a local bookstore
and online book shopping. In an article in the aforementioned New York
Times about Amazon.com, a representative of Simon & Schuster waxed
enthusiastic about the online bookstore, saying: "What's ... fascinating
is that they know who's buying the books and what they like. And that's
incredibly valuable to us." Compare this to the effort that Kramerbooks
in Washington, D.C. had to go through to find evidence of purchases by
Monica Lewinsky to respond to a grand jury request.

Registration to the New York Times online is free, although you do have
to give a valid email address and you are asked some demographic questions
like your age, sex and household income. This service, and many thousands
of others on the Net, is free because you have paid for it with information
about yourself. Personally identifiable information is rapidly becoming
"coin of the realm" of the online world. Those "free"
registrations are a barter of your information for a product.

New protocols, called "privacy protocols" are under development
at the World Wide Web Consortium (known as the W3C). These protocols would
add a feature to your Web browser that would allow the browser and each
Web site that you visit to engage in a dialog about what information about
you the site wants and what information you have profiled to be released.
This exchange would take place in the background, saving you the effort
of re-entering data about yourself as you visit different Web sites. Although
this is referred to as a "privacy" protocol, the result of this
technology will not be more privacy but an easier way to exchange "value"
between you and Web sites; the value being your personal information.

In the future, you can expect more often to be asked to exchange your
privacy for access to information.

Libraries and Privacy

It may seem odd to you, but in my experience those of you in the library
profession are the only ones who really make the connection between privacy
and free speech; who understand that there is not much value in having
the protections of the first amendment if people are afraid to read the
ideas of others, are afraid to be caught listening. Without privacy, free
speech is like the tree falling in the forest, with no one there to hear.

The library profession created its policy on patron confidentiality,
that is the guarantee of privacy, in 1975. Just a few years earlier, agents
of the Federal Trade Commission had visited libraries to ask for lists
of patrons who had checked out certain books. Fortunately, some of the
librarians who were approached recognized the danger that this posed to
intellectual freedom and brought it to the American Library's Association's
Intellectual Freedom Committee. Today, privacy is a standard part of a
library's commitment to the freedom to read.

The heart of issue is whether we see information as just another product
-- groceries, shoes -- or whether we think information seeking is personal
-- more like medical records than like our shopping habits. What we see
today is a rush to commodify information, to treat information as "the
product of the 90's."

What we are losing is the idea of reading and study as a deeply spiritual,
personal quest; the idea that your mind and soul and intellect are yours
and yours alone.

Self-regulation

We were each asked to address the concept of self-regulation; this is
the idea that companies and customers will arrive at a comfortable level
of privacy without the need for government intervention. I see self-regulation
as a kind of an ecology, and like all ecologies this means a constant
struggle to reach a balance. It also means that it has to be out of balance
some of the time. This might be alright if you're talking about receiving
junk mail, which is annoying but not dangerous. But with privacy, mistakes
can be very harmful, and the damage can last a lifetime.

Our current experience with self-regulation does not speak well for
this method. I know no one who likes having their dinner hour interrupted
with calls from strangers, yet this happens all too often. If self-regulation
worked, there probably would be no telephone soliciting. And few of us
desire the level of junk mail that we receive.

What is to be done?

Although we tend to see computers only as invaders of our privacy, I
want you to know that we could use computers to protect our privacy in
ways we never have before. We can do this and still give vital information
to those who depend on marketing information to bring products to the
public.

We can decide to protect personal privacy and to continue to protect
the right to read and explore ideas in the spirit of the first amendment.
It's a choice that we can make, although I have to emphasize that the
time to make this choice is now, before it's too late.